How to use encrypted pak files?

I would like to know some information about the UnrealPak.exe pak files singning method (with -sign=hex_key_values, etc).

  1. Is it production ready? Because it’s pretty much undocumented.
  2. How can I set the keyfile in UnrealAutomationTool? Is there a GUI or a way to inject the -signpak command?
  3. Does it work in PIE? (I’m having problems hardcoding the keys in PublicKey.inl, editor crashes)
  4. How’s the performance overhead? Is it an on-demand cypher?
  5. Currently I’m not even able to make a packeged project start with signedpak turned on…

Any help would be appreciated.
Thank you

I would also be interested in this :slight_smile:

Any news on this? Thank you!

bumping a topic

Hi spiez,

Due to the large volume of questions and comments concerning the Engine, we did not have a chance to respond to your post at the time you submitted it. However, if you are still interested, in addition to introducing some new features, some discussion of how encrypted pak files are used is touched upon in the Unreal Engine 4.12 Release Notes.

Since, admittedly, this is not the detailed information you are requesting, I have also entered the following documentation request: UEDOC-3144. If approved and incorporated into later documentation, we will notify you with an update to this post.

-Steve H.

Hello, any news on this matter?

Hi Jake1337,

This issue has not been closed but has been designated as a lower priority based on the number of documentation requests with greater community interest in addition to documentation for new features.

However, I have increased the community interest based on your query into this subject.

Steve H.

hi steve.
i followed your suggestion about 4.12 release not. and figure out about

Build\NoRedis\Keys.txt

but the problem is that i tried with several private/public password exponent and modulas. but all of them failed to pass the password Testing phase and was rejected by unrealpak.exe.
so can u plz provide 3 acceptable sample key to put in Keys.txt .

i tried to generate them using unrealpak.exe. but after 2 hour still it is keep running.
i have opened a thread also about this generate part:

but so far nothing.

After digging deeper into this subject I was able find a little more information that may be helpful (Some of this is translated from Chinese, so while jumbled a bit, it looks like there are some clues that might help get you past the problem you are having generating key pairs:) It is difficult to find information on this as “The code in UnrealPak was mostly meant to be a quick test when developing the pak encryption…”

"I suggest using one of the available online options for generating these keys. You can easily find a page to check if a big number is prime (P and Q should be prime) and there’s a few solutions that will generate the key pairs online too (and they’re much faster).

That creates a very large number of random numbers whose value can be designated to test the key pair… Other online tools do not recommend that you use the -sing = filename"

" … it is difficult to give a specific recommendation tools to find the n-th prime number to find two moderately large values in the order specified by a handful of sites, etc. (ie 1,000,000,000,000 29,996,224,275,833 first minority) on the command line

-GenerateKeys = Filename -P {first} -Q {decimal} second minority

.ssby using a key pair made -sign = filename to the four innings. If you are certain that you use a valid one in two minority here, you can shorten the process by using the keys to make -NoVerifyPrimes options.

As the value added by entering the area {} minority use the Hex value."

i tested packaging with Keys.txt. content of Keys.txt:

0x2F405A91B1
0xBEA1C7540F
0x10001

and here was the output:

Collecting files to add to pak file…
UATHelper: Packaging (Windows
(64-bit)): UnrealPak:
LogPakFile:Display: Collected 1260
files in 0.01s. UATHelper: Packaging
(Windows (64-bit)): UnrealPak:
LogPakFile:Display: Loading key pair
from
C:\0.ue4\UnrealEngine\myApp\Build\NoRedist\Keys.txt
UATHelper: Packaging (Windows
(64-bit)): UnrealPak:
LogPakFile:Display: Testing signature
keys. UATHelper: Packaging (Windows
(64-bit)): UnrealPak:
LogPakFile:Display: Signature keys
check completed successfuly.

so from that 4 line basically it is saying that it was able to encrypt contents inside pak file.

Testing phase:

so for testing i used this command to extract the contents from encrypted pak file :

“%CD%/UnrealPak.exe”
“C:/0.ue4/UnrealEngine/myApp/Saved/StagedBuilds/WindowsNoEditor_withpak/myApp/Content/Paks/myApp-WindowsNoEditor.pak”
-extract “%CD%/pakExtractedContentes”

pause

test1:
after that i replaced some of the extracted meshes with one of my other game and it was able to load those meshes and show them in screen!!!
so basically it was proofed that unrealPak actually did not encrypt anything . am i right?

test2:
this time i swapped the encrypted pak with another package build of same game where unrealpak did not use encryption(during this packaging i just removed Keys.txt and so it just bypass the encryption step). **that version of package app also was able to mount the encrypted pak. Should not it fail to mount it ?because i did remove the key file during the packaging of this version of app **

So the big question is :
is the unrealpak actually doing its encryption part correctly or i am doing something wrong ?

1 Like